Bug #16307
Broken Tor Browser on Buster: terminates when opening a file dialog
100%
Description
Seen on <https://paste.debian.net/>, clicking the “Browse” button leads to this for tor-browser, with two extra lines for clarity:
--- Startup messages ---
Fontconfig warning: "/usr/local/lib/tor-browser/TorBrowser/Data/fontconfig/fonts.conf", line 85: unknown element "blank"
1546742616883 addons.webextension.{73a6fe31-595d-460b-a920-fcc0f8843232} WARN Loading extension '{73a6fe31-595d-460b-a920-fcc0f8843232}': Reading manifest: Error processing background.persistent: Event pages are not currently supported. This will run as a persistent background page.
Fontconfig warning: "/usr/local/lib/tor-browser/TorBrowser/Data/fontconfig/fonts.conf", line 85: unknown element "blank"
1546742617998 addons.webextension.https-everywhere-eff@eff.org WARN Please specify whether you want browser_style or not in your browser_action options.
1546742617998 addons.webextension.{73a6fe31-595d-460b-a920-fcc0f8843232} WARN Please specify whether you want browser_style or not in your browser_action options.
1546742619405 addons.webextension.uBlock0@raymondhill.net WARN Loading extension 'uBlock0@raymondhill.net': Reading manifest: Error processing incognito: Invalid enumeration value "split"
1546742619409 addons.webextension.uBlock0@raymondhill.net WARN Loading extension 'uBlock0@raymondhill.net': Reading manifest: Error processing sidebar_action.open_at_install: An unexpected property was found in the WebExtension manifest.
1546742619409 addons.webextension.uBlock0@raymondhill.net WARN Loading extension 'uBlock0@raymondhill.net': Reading manifest: Error processing storage: An unexpected property was found in the WebExtension manifest.
Fontconfig warning: "/usr/local/lib/tor-browser/TorBrowser/Data/fontconfig/fonts.conf", line 85: unknown element "blank"
--- Trying to browse ---
(firefox:13189): Gtk-CRITICAL **: 02:44:02.682: Error creating directory /home/amnesia/.config/gtk-3.0: Permission denied
(firefox:13189): Gtk-WARNING **: 02:44:02.699: Could not load a pixbuf from /org/gtk/libgtk/icons/16x16/status/image-missing.png.
This may indicate that pixbuf loaders or the mime database could not be found.
**
Gtk:ERROR:../../../../gtk/gtkiconhelper.c:494:ensure_surface_for_gicon: assertion failed (error == NULL): Failed to load /org/gtk/libgtk/icons/16x16/status/image-missing.png: Unrecognized image file format (gdk-pixbuf-error-quark, 3)
Redirecting call to abort() to mozalloc_abort
Crash Annotation GraphicsCriticalError: |[C0][GFX1-]: Receive IPC close with reason=AbnormalShutdown (t=21.8181) [GFX1-]: Receive IPC close with reason=AbnormalShutdown
[Child 13295, Chrome_ChildThread] WARNING: pipe error (3): Connection reset by peer: file /var/tmp/build/firefox-efdff96e8955/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 353
Crash Annotation GraphicsCriticalError: |[C0][GFX1-]: Receive IPC close with reason=AbnormalShutdown (t=25.6962) [GFX1-]: Receive IPC close with reason=AbnormalShutdown
[Child 13251, Chrome_ChildThread] WARNING: pipe error (3): Connection reset by peer: file /var/tmp/build/firefox-efdff96e8955/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 353
Segmentation fault
Meanwhile, on the dmesg -w side (with another tor-browser process):
[ 1148.939816] audit: type=1400 audit(1546742961.676:518): apparmor="DENIED" operation="mkdir" profile="torbrowser_firefox" name="/home/amnesia/.config/gtk-3.0/" pid=13327 comm="firefox.real" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
[ 1148.957485] audit: type=1400 audit(1546742961.692:519): apparmor="DENIED" operation="open" profile="torbrowser_firefox" name="/lib/live/mount/rootfs/filesystem.squashfs/usr/local/share/mime/mime.cache" pid=13327 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 1148.957490] audit: type=1400 audit(1546742961.692:520): apparmor="DENIED" operation="open" profile="torbrowser_firefox" name="/lib/live/mount/rootfs/filesystem.squashfs/usr/local/share/mime/globs2" pid=13327 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 1148.957494] audit: type=1400 audit(1546742961.692:521): apparmor="DENIED" operation="open" profile="torbrowser_firefox" name="/lib/live/mount/rootfs/filesystem.squashfs/usr/local/share/mime/magic" pid=13327 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 1148.957498] audit: type=1400 audit(1546742961.692:522): apparmor="DENIED" operation="open" profile="torbrowser_firefox" name="/lib/live/mount/rootfs/filesystem.squashfs/usr/local/share/mime/aliases" pid=13327 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 1148.957502] audit: type=1400 audit(1546742961.692:523): apparmor="DENIED" operation="open" profile="torbrowser_firefox" name="/lib/live/mount/rootfs/filesystem.squashfs/usr/local/share/mime/subclasses" pid=13327 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 1148.957505] audit: type=1400 audit(1546742961.692:524): apparmor="DENIED" operation="open" profile="torbrowser_firefox" name="/lib/live/mount/rootfs/filesystem.squashfs/usr/local/share/mime/icons" pid=13327 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 1148.957509] audit: type=1400 audit(1546742961.692:525): apparmor="DENIED" operation="open" profile="torbrowser_firefox" name="/lib/live/mount/rootfs/filesystem.squashfs/usr/local/share/mime/generic-icons" pid=13327 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 1148.957512] audit: type=1400 audit(1546742961.692:526): apparmor="DENIED" operation="open" profile="torbrowser_firefox" name="/lib/live/mount/rootfs/filesystem.squashfs/usr/share/mime/mime.cache" pid=13327 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 1148.957519] audit: type=1400 audit(1546742961.692:527): apparmor="DENIED" operation="open" profile="torbrowser_firefox" name="/lib/live/mount/rootfs/filesystem.squashfs/usr/share/mime/globs2" pid=13327 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
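One way to triage denials like those in the report above, as an added example that is not part of the original report or of the Tails code base: it parses the apparmor="DENIED" records and counts them per profile, operation, mask and directory. The image mount prefix it strips is an assumption taken from the denied paths in the log; the function names are illustrative.

```python
import re
from collections import defaultdict
from posixpath import dirname

# Assumption: the read-only image mount point, taken from the denied paths above.
IMAGE_ROOT = "/lib/live/mount/rootfs/filesystem.squashfs"
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Four records copied from the report's dmesg output.
SAMPLE = """\
[ 1148.939816] audit: type=1400 audit(1546742961.676:518): apparmor="DENIED" operation="mkdir" profile="torbrowser_firefox" name="/home/amnesia/.config/gtk-3.0/" pid=13327 comm="firefox.real" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
[ 1148.957485] audit: type=1400 audit(1546742961.692:519): apparmor="DENIED" operation="open" profile="torbrowser_firefox" name="/lib/live/mount/rootfs/filesystem.squashfs/usr/local/share/mime/mime.cache" pid=13327 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 1148.957490] audit: type=1400 audit(1546742961.692:520): apparmor="DENIED" operation="open" profile="torbrowser_firefox" name="/lib/live/mount/rootfs/filesystem.squashfs/usr/local/share/mime/globs2" pid=13327 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 1148.957512] audit: type=1400 audit(1546742961.692:526): apparmor="DENIED" operation="open" profile="torbrowser_firefox" name="/lib/live/mount/rootfs/filesystem.squashfs/usr/share/mime/mime.cache" pid=13327 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
"""

def parse_denials(text):
    """Return one dict of fields per apparmor="DENIED" record in text."""
    records = []
    for line in text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("apparmor") != '"DENIED"':
            continue
        rec = {k: v.strip('"') for k, v in fields.items()}
        raw = fields.get("name", "")
        # audit emits names with spaces or quotes as unquoted hex; decode them.
        if raw and not raw.startswith('"'):
            try:
                rec["name"] = bytes.fromhex(raw).decode("utf-8", "replace")
            except ValueError:
                pass  # not hex: keep the raw value
        records.append(rec)
    return records

def summarize(records, image_root=IMAGE_ROOT):
    """Count denials per (profile, operation, mask, via_image, directory)."""
    counts = defaultdict(int)
    for rec in records:
        path = rec.get("name", "").rstrip("/")
        via_image = path.startswith(image_root + "/")
        if via_image:  # report the path as the profile author would write it
            path = path[len(image_root):]
        key = (rec.get("profile"), rec.get("operation"),
               rec.get("denied_mask"), via_image, dirname(path))
        counts[key] += 1
    return dict(counts)

if __name__ == "__main__":
    for key, n in sorted(summarize(parse_denials(SAMPLE)).items()):
        print(n, *key)
```

Denials with via_image set are reads that the profile would have allowed at the plain path, which points at path rewriting rather than a missing rule.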
History
#1 Updated by intrigeri 2019-01-06 07:01:56
- Status changed from New to Confirmed
- Assignee set to intrigeri
- Affected tool set to Browser
Thanks! I’ll take a look.
#2 Updated by intrigeri 2019-01-07 08:52:01
Interestingly, Evince is not affected and I don’t get why.
Next steps:
- check if feature/16073-linux-4.19+force-all-tests is affected, i.e. is this a regression caused by Linux 4.19?
- check if apparmor 2.13.2 (that migrates to testing today) fixes the problem
#3 Updated by intrigeri 2019-01-07 10:25:45
intrigeri wrote:
> * check if feature/16073-linux-4.19+force-all-tests is affected, i.e. is this a regression caused by Linux 4.19?
It’s not.
> * check if apparmor 2.13.2 (that migrates to testing today) fixes the problem
And if it does not: try on feature/buster with Stretch’s apparmor parser.
#4 Updated by intrigeri 2019-01-07 10:34:42
- Subject changed from Broken tor-browser on buster: terminates when opening a file dialog to Broken Tor Browser on Buster: terminates when opening a file dialog
#5 Updated by intrigeri 2019-01-07 10:54:57
- Status changed from Confirmed to In Progress
- % Done changed from 0 to 10
intrigeri wrote:
> > * check if apparmor 2.13.2 (that migrates to testing today) fixes the problem
>
> And if it does not:
It does not.
> try on feature/buster with Stretch’s apparmor parser.
Downgrading to Stretch’s apparmor and libapparmor1, choosing to keep our patched conffiles when dpkg asked, fixes it. Finally some hope! Next step: figure out which one, among the parser downgrade and the policy downgrade, did the trick.
#6 Updated by intrigeri 2019-01-07 11:12:56
intrigeri wrote:
> Downgrading to Stretch’s apparmor and libapparmor1, choosing to keep our patched conffiles when dpkg asked, fixes it. Finally some hope! Next step: figure out which one, among the parser downgrade and the policy downgrade, did the trick.
On this frankenstein system:
- upgrading to Buster’s AA features file: still works
- overwriting the apparmor_parser binary and /lib/x86_64-linux-gnu/libapparmor.so.1* with the version from Buster: still works
=> I think some part of the policy update between Stretch and Buster breaks our alias trick, somehow. Will kinda bisect it.
#7 Updated by intrigeri 2019-01-07 12:00:26
Seems like the abstractions/freedesktop.org update, and more specifically the syntax used in the corresponding tunables/share, is the culprit.
This fixes the problem:
--- /lib/live/mount/rootfs/filesystem.squashfs/etc/apparmor.d/tunables/share 2018-09-05 16:51:53.000000000 +0000
+++ /etc/apparmor.d/tunables/share 2019-01-07 11:53:28.648000000 +0000
@@ -1,4 +1,4 @@
-@{flatpak_exports_root} = flatpak/exports flatpak/{app,runtime}/*/*/*/*/export
+@{flatpak_exports_root} = {flatpak/exports,flatpak/{app,runtime}/*/*/*/*/export}
# System-wide directories with behaviour analogous to /usr/share
# in patterns like the freedesktop.org basedir spec. These are
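Review bot: the new @{flatpak_exports_root} assignment has no comment explaining why it is written as a single brace alternation rather than the space-separated list it replaces. The two forms read as equivalent, so a later sync of tunables/share could silently restore the old line; suggest a one-line comment above the assignment saying the space-separated values did not expand as expected once combined with aliases, ideally with a pointer to this ticket.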
Looks like variable expansion of space-separated values works fine (e.g. in @{system_share_dirs}) but not recursively once combined with AppArmor aliases.
Will apply the policy fix in Tails and submit it upstream, where I’ll be told whether it shall be reported as a parser bug or not.
#8 Updated by intrigeri 2019-01-07 13:33:17
- Status changed from In Progress to Resolved
- Assignee deleted (intrigeri)
- % Done changed from 10 to 100
#9 Updated by intrigeri 2019-01-07 13:33:32
- Priority changed from Normal to Elevated